Family: CGI abuses --> Category: infos
phpMyAdmin Multiple Remote Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary : Checks the version of phpMyAdmin
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
multiple vulnerabilities.
Description :
According to its banner, the remote version of phpMyAdmin is
vulnerable to one (or both) of the following flaws :
- An attacker may be able to exploit this software to execute
arbitrary commands on the remote host if the server does not run
PHP in safe mode.
- An attacker may be able to read arbitrary files on the remote host
through the 'sql_localfile' argument of the file 'read_dump.php'.
See also :
http://www.exaprobe.com/labs/advisories/esa-2004-1213.html
http://archives.neohapsis.com/archives/bugtraq/2004-12/0115.html
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4
Solution :
Upgrade to phpMyAdmin version 2.6.1-rc1 or later.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)